Cisco Patches Switch, Security Holes

Friday, February 5, 2016 @ 02:02 PM gHale

Cisco released software updates for switches and security products.

One of the vulnerabilities is an access control issue affecting the Cisco Application Policy Infrastructure Controller (APIC), a management product that is part of Cisco Application Centric Infrastructure (ACI).

Cisco also said Nexus 9000 switches, which are also a component of ACI, suffer from a denial-of-service (DoS) issue caused by a remote, unauthenticated attacker using a specially crafted ICMP packet. Cisco Nexus 9000 Series ACI Mode switches running software versions prior to 11.0(1c) suffers from the vulnerability.

Cisco ASA-CX and Cisco Prime Security Manager (PRSM) products also feel the affects of a high severity vulnerability. The issue allows a remote, authenticated attacker to change the password of any user, including administrators.

Cisco said the flaw can end up exploited by an attacker who does not have administrator privileges using a specially crafted HTTP request.